From owner-cvs-all@FreeBSD.ORG Thu Nov 22 01:24:20 2007 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0E5F316A473; Thu, 22 Nov 2007 01:24:20 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id C73E513C504; Thu, 22 Nov 2007 01:24:19 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id A48A341C75A; Wed, 21 Nov 2007 23:33:24 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id r+QkC5UAVyBP; Wed, 21 Nov 2007 23:33:24 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 5077841C752; Wed, 21 Nov 2007 23:33:24 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 0DABD4448D5; Wed, 21 Nov 2007 22:33:15 +0000 (UTC) Date: Wed, 21 Nov 2007 22:33:15 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org In-Reply-To: <200711212230.lALMUE59024039@repoman.freebsd.org> Message-ID: <20071121223042.X53707@maildrop.int.zabbadoz.net> References: <200711212230.lALMUE59024039@repoman.freebsd.org> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: Re: cvs commit: src/sys/netinet tcp_output.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Nov 2007 01:24:20 -0000 On Wed, 21 Nov 2007, Bjoern A. Zeeb wrote: > bz 2007-11-21 22:30:14 UTC > > FreeBSD src repository > > Modified files: > sys/netinet tcp_output.c > Log: > Make TSO work with IPSEC compiled into the kernel. > > The lookup hurts a bit for connections but had been there anyway > if IPSEC was compiled in. So moving the lookup up a bit gives us > TSO support at not extra cost. > > PR: kern/115586 > Tested by: gallatin > Discussed with: kmacy > MFC after: 2 months > > Revision Changes Path > 1.143 +16 -3 src/sys/netinet/tcp_output.c Remarks: * There is an edge case that has not been and is not addressed by this commit: in case memory allocation fails in ipsec_hdrsiz_tcp() we return 0 and enable TSO anyway. Also ipoptlen calculation would be wrong if the proper lookup would have shown that we will do IPsec processing. * ipsec?_hdrsiz() in the call path from ipsec_hdrsiz_tcp() still has an XXX comment 'if we should panic in case no IPSEC processing is needed'. That was never enforced and the comment should probably be removed as there have not been and are no checks if IPsec processing is needed before this (else we would not need to do the lookup here). * We should see if we can find a shortcut to check if IPsec processing is needed to not hurt connections that much in case IPSEC is compiled in but there are no policies or ipsec would "not be enabled". Future IPSec work should keep that in mind. (Discussed with sam and rwatson) -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time.